Relative Size Is Irrelevant: The Equifax Dilemma

Actimize FMC Product Team, Financial Markets Compliance
Just like the ongoing debates among forecasters in recent weeks about the relative size of Hurricanes Harvey and Irma, the scale and implications of this latest breach involving Equifax are enormous despite the fact that it might not register as “the” largest breach ever. Yes, there have been larger incidents (e.g. Yahoo’s breach of nearly 1 billion account records) but the size of this one – while troubling – is not the main reason it is newsworthy.

This event becomes “newsworthy” since it now effectively means that:

  • Attackers can now open new accounts more easily. Whether it’s a financial account or otherwise, the credentials that most organizations require for new account opening are now barely relevant for roughly half of the US population.
  • Common consumer-related authentication problems will exist for a long time. The credentials stolen can be used to attack and to manipulate so many different types of accounts (financial, telco, utilities, etc.). This means that the implications of this attack go far beyond the financial services world.
  • Don’t just think about the online world. They also going beyond the online world, as these credentials are used to prove who you are to a call center agent, to a store clerk at a wireless store (e.g. when upgrading a device), and also of course online.
  • Consumers don’t have an obvious outlet: Who is a consumer going to report this breach incident to? Equifax (and its competitors) are basically the last line of defense when a US consumer wants to do something to mitigate possible identity theft. Who are US consumers supposed to hire to help them figure out identity theft-related problems?

This breach poses enormous problems to US regulators, US consumers, and US businesses. The very fabric of how “The Average American Consumer” proves who they claim to be has been turned on its head if the credentials that were supposedly stolen prove to truly have been stolen.

Accepting this new normal, and then actually doing something about it, is going to be an issue that we as a society will continue to deal with in the coming years. Barring any significant regulatory, business, or technology change (which for a country of more than 300 million people is hard to fathom would happen quickly), the direct and indirect associated problems stemming from this breach will probably live on longer than most other breaches we’ve seen in the past few years.

Reg BI is Not Going Anywhere – How Firms Should Move Forward

April 8th, 2020
David T. Ackerman, Subject Matter Expert, Communications Compliance Line of Business

3 Take-Aways from SIFMA’s Reg BI Forum

January 30th, 2020
David T. Ackerman, Subject Matter Expert, Communications Compliance Line of Business
Speak to an Expert


We use cookies to ensure that we give you the best experience on this website. If you continue without changing your settings, we’ll assume that you are happy to receive all on the NICE website. However, if you would like, you can change your cookie settings at any time. To find out more about how we use this information, see ourPrivacy Policy.